Spam and Untangle

Two weeks ago I configured and installed an Untangle box on our network. Untangle is a Linux distribution designed to do network firewalling, bridging, anti-spam, etc. It’s 100% GUI- and web-based, and it takes literally 5 minutes to set up. Speaking as someone who built the same thing from a Debian command-line ten years ago, this is light-years above and beyond what we had back then. (Remember the transition from ipchains to iptables?)

We’re essentially using the Untangle box to see if we want to spend the money on a Firebox, or if micromanaging our network traffic like that is more hassle than it is worth. I’ve used Fireboxes at previous jobs, and they have always been okay, but they never seem to do everything I need them to do.

Anyway, one of the primary reasons for adding in the Untangle box was for anti-spam functionality. We’re a small company with only 100 mailboxes, but we’ve been around for years and our original website was built in the days when it was safe to put your contact emails on web pages. We’ve got a couple of people that have been with the company long enough that they were getting upwards of 700 spams per day, above and beyond what our McAfee GroupShield was able to filter out. I jumped through the hoops to get SpamAssassin to talk to Exchange, but with Bayesian filtering turned on the single-threaded SMTP sink to spamd just couldn’t keep up—during busy hours we’d creep up to a 30 minute wait in the queue.

Here’s a picture of incoming spam on a typical day:

Yes, that really does peak at over 750 spam emails per minute. For our 100-person mail server, that’s a new spam per person every 8 seconds. Yay. Or, put another way, here are the numbers for a single day (yesterday):

Scanned emails:                                   1.315 million
Spam connections rejected using DNS blacklists:   1.309 million  (99.56%)
Accepted and marked as probable spam:             3,276          (0.24%)
Accepted and probably clean:                      2,760          (0.20%)

I can certainly believe an average of 28 clean emails per day per user. But look at that percentage: only one-fifth of one percent of all incoming mail is legit. That completely blows my mind.

Since we dropped the Untangle box in place (it really is that easy—unplug your external line from your router, plug it into the Untangle box, then plug the Untangle box into the router) our spam situation has gotten much better. We could still do a little tweaking, but it’s not bad. We’ve left the GroupShield filter in place as well as the SpamAssassin SMTP sink, but Untangle does the bulk of the heavy lifting and keeps both of them from getting overtaxed.

I would prefer a little more configurability via the GUI (I know I can pop the hood and go command-line, but I don’t know if I would break any of the magic), but the GUI is downright awesome for anyone who doesn’t have a networking degree or certification. If your business is beginning to grow and find itself beyond the abilities of simple SOHO solutions, an Untangle box might be a good idea for you. For what we paid for it, absolutely nothing but a spare workstation and a blank CD-R, it’s a steal.

By Rick Osborne

I am a web geek who has been doing this sort of thing entirely too long. I rant, I muse, I whine. That is, I am not at all atypical for my breed.